<%#
 Copyright 2013-2025 the original author or authors from the JHipster project.

 This file is part of the JHipster project, see https://www.jhipster.tech/
 for more information.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

      https://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-%>
# Consul HA cluster
#
# Based on https://artifacthub.io/packages/helm/bitnami/consul
# Note that as this is based on a StatefulSet, it will only work on Kubernetes >= 1.5
#
# By default, Consul and its UI is not accessible from outside the cluster for security reasons
# You can setup temporary access to it on localhost:8500 by running :
#   kubectl port-forward consul-0 8500 -n yourNamespace
#
# To check the state of your Consul cluster :
#   kubectl exec consul-0 -n yourNamespace -- sh -c 'consul members'
#
# To scale your Consul cluster :
#   kubectl patch statefulset/consul -n yourNamespace -p '{"spec":{"replicas": 5}}'
#
# To check the state of every node
#   for i in {0..4}; do kubectl exec consul-$i -n yourNamespace -- sh -c 'consul members'; done
apiVersion: <%= KUBERNETES_CORE_API_VERSION %>
kind: Secret
metadata:
  name: gossip-key
  namespace: <%= kubernetesNamespace %>
type: Opaque
data:
  gossip-key: SUcwRzF3N2c4QW5YMDA3cUEwWElqMTJG # a 24 chars base64 encoded string
---
apiVersion: <%= KUBERNETES_CORE_API_VERSION %>
kind: Service
metadata:
  name: consul-headless
  namespace: <%= kubernetesNamespace %>
  labels:
    app.kubernetes.io/name: consul
    app: consul
spec:
  clusterIP: None
  publishNotReadyAddresses: true
  ports:
    - name: http
      protocol: TCP
      port: 8500
    - name: rpc
      port: 8400
    - name: serflan-tcp
      protocol: TCP
      port: 8301
    - name: serflan-udp
      protocol: UDP
      port: 8301
    - name: rpc-server
      port: 8300
    - name: dns-tcp
      port: 8600
    - name: dns-udp
      protocol: UDP
      port: 8600
  selector:
    app.kubernetes.io/name: consul
    app: consul
  sessionAffinity: None
---
apiVersion: v1
kind: Service
metadata:
  name: consul-ui
  namespace: <%= kubernetesNamespace %>
  labels:
    app.kubernetes.io/name: consul
    app: consul
spec:
  type: ClusterIP
  sessionAffinity: None
  ports:
    - name: http
      port: 8500
      targetPort: http
  selector:
    app.kubernetes.io/name: consul
    app: consul
---
apiVersion: <%= KUBERNETES_STATEFULSET_API_VERSION %>
kind: StatefulSet
metadata:
  name: consul
  namespace: <%= kubernetesNamespace %>
  labels:
    app.kubernetes.io/name: consul
    app: consul
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: consul
      app: consul
  replicas: 3
  serviceName: consul-headless
  podManagementPolicy: Parallel
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: consul
        app: consul
<%_ if (istio) { _%>
      annotations:
        sidecar.istio.io/inject: "false"
<%_ } _%>
    spec:
      affinity:
        podAffinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/name: consul
                    app: consul
                namespaces:
                  - <%= kubernetesNamespace %>
                topologyKey: kubernetes.io/hostname
              weight: 1
        nodeAffinity:

      securityContext:
        fsGroup: 1001
      containers:
        - name: consul
          image: <%= dockerContainers.consul %>
          imagePullPolicy: "IfNotPresent"
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1001
          ports:
            - name: http
              containerPort: 8500
            - name: rpc
              containerPort: 8400
            - name: serflan-tcp
              protocol: "TCP"
              containerPort: 8301
            - name: serflan-udp
              containerPort: 8301
              protocol: "UDP"
            - name: rpc-server
              containerPort: 8300
            - name: dns-tcp
              containerPort: 8600
            - name: dns-udp
              containerPort: 8600
              protocol: "UDP"
          resources:
            requests:
              cpu: "100m"
              memory: "512Mi"
          env:
            - name: BITNAMI_DEBUG
              value: "false"
            - name: CONSUL_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: CONSUL_RETRY_JOIN
              value: "consul-headless.<%= kubernetesNamespace %>.svc.cluster.local"
            - name: CONSUL_DISABLE_KEYRING_FILE
              value: "true"
            - name: CONSUL_BOOTSTRAP_EXPECT
              value: "3"
            - name: CONSUL_RAFT_MULTIPLIER
              value: "1"
            - name: CONSUL_DOMAIN
              value: "consul"
            - name: CONSUL_DATACENTER
              value: "dc1"
            - name: CONSUL_UI
              value: "true"
            - name: CONSUL_HTTP_PORT_NUMBER
              value: "8500"
            - name: CONSUL_DNS_PORT_NUMBER
              value: "8600"
            - name: CONSUL_RPC_PORT_NUMBER
              value: "8400"
            - name: CONSUL_SERF_LAN_PORT_NUMBER
              value: "8301"
          envFrom:
          livenessProbe:
            exec:
              command:
                - consul
                - operator
                - raft
                - list-peers
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - consul
                - members
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 6
          lifecycle:
            preStop:
              exec:
                command:
                  - consul
                  - leave
          volumeMounts:
            - name: data
              mountPath: /bitnami/consul
      volumes:
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes:
          - "ReadWriteOnce"
        resources:
          requests:
            storage: "8Gi"
